Container security: how to make the most of best practices


Containers are complex virtual entities that offer proven benefits to the business, but also require strict security guidelines. Find out how to get the most out of container security best practices.


Containers, more precisely defined as operating-system-level virtualization instances that run applications, microservices, and processes, are a staple of the tech industry. Their flexibility and ease of deployment can help achieve faster deliverables and more robust environments.


“Containers have taken us further down the path of abstraction where developers have to think less about their infrastructure. Virtual machines have ignored hardware resources. Containers have gone further by hiding the complexities of the operating system,” said Ganesh Pai, CEO of Uptycs, a SQL-based security analytics platform. “Containers offer robust application image management, runtime isolation, efficient scaling, resource pooling, and they have become an integral part of the modern microservices architecture.”

Chris Ford, vice president of products at cloud security and compliance provider Threat Stack, noted how quickly they have become standard fare. “Containers have rapidly evolved from an emerging technology to an integral part of cloud strategies for many organizations. Gartner predicts that by 2022, 75% of organizations will run containerized applications in production, compared to less than 30% today. Why run apps in containers? Efficiency and speed of development are the objectives. Containers help organizations accelerate the pace of innovation while optimizing the use of resources.”

As with any technology, however, there are security concerns. SCMagazine.com recently reported that 50% of misconfigured containers are hit by botnets within an hour, and SecurityWeek revealed that attacks on container infrastructure are on the rise, including supply chain attacks.

Container security companies address specific challenges

“Traditional server workload protection technology was designed for relatively static on-premises workloads, but it is too heavy to function well on ephemeral, minimized container workloads,” Pai said. “Additionally, developers working with containers often use open source software that can contain backdoors and malware. Since the newer continuous integration, continuous development workflows mean that software is updated, tested, and deployed faster, it is beneficial to detect malware and other vulnerabilities earlier in the process.

“The new types of cloud workload protection platform tools solve these problems because they are designed to run either on container hosts or in containers themselves, and they can easily be integrated with CI/CD pipelines for early detection. Additionally, threat actors target CI/CD pipelines to inject malicious behavior into the supply chain. Observing and acting on telemetry at all stages of agile cloud workload deployments becomes important to SecDevOps teams.”


Ford discussed the challenges of container security. “Container security startups are looking to solve some of the challenges that containers introduce: The increasingly automated nature of modern software development can quickly exacerbate security concerns. Automation can lead to configuration errors, vulnerabilities, and malware that quickly become ubiquitous. Adding layers of abstraction in the cloud infrastructure increases the threat surface, especially when container orchestration (for example, Kubernetes) is used.”

He said the problem with existing solutions is that each focuses on a single layer of infrastructure, while workloads span a wide range of infrastructure types. This creates “tool sprawl.”

“Security teams can find themselves overwhelmed by different tools that generate results for multiple layers of infrastructure: virtual machines, containers, container orchestration, serverless,” said Ford. “This proliferation of tools can also hamper visibility of increasingly sophisticated attacks that span multiple layers of cloud infrastructure.”

The problems this generates: high operational costs, complexity, inefficient workflows, a siloed approach to security and compliance, limited risk visibility, fragmented policies and controls, ineffective risk prioritization and remediation, and siloed audit and compliance reporting.


Ford suggested, “Instead of continuing to use additional tools to support new types of infrastructure, like containers, security organizations should consider a comprehensive, platform-centric approach to security and compliance. By increasing full-stack observability across your cloud infrastructure, organizations have the ability to detect, assess, and respond to risk holistically across disparate environments. Security teams and the solutions they use can help accelerate their organization’s adoption of modern technologies while ensuring that they can address new risks and support emerging regulations at scale.”

Best practices for securing containers and microservices

Pai said the best way to secure these systems is to make it easier to manage and analyze security telemetry.

“We believe it should be simple to analyze and ask questions about your entire environment and gain rapid insights by aggregating and analyzing the telemetry of cloud workloads running in containers, their orchestration and their cloud service providers,” he said. “The problem we’re solving is getting all this telemetry in one place and in a standardized format so that you can apply security scans for proactive security (audit and compliance) and reactive security (detection and response).”


Pai said he is focusing on telemetry-based security, which standardizes telemetry from the container runtime (osquery), orchestration (kubequery), and cloud providers (cloudquery), and lets security practitioners answer questions such as: “What containers in my environment are running this known vulnerable package?” or “Where else does this file hash appear on my Kubernetes cluster?”
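The two questions above map directly onto osquery's container-aware tables. The following is an added example written for this article, not Uptycs code: two osquery SQL queries run with `osqueryi` on a Docker host where osquery can reach the Docker socket. It assumes the stock `docker_containers`, `deb_packages` and `hash` tables (RPM-based images would use `rpm_packages` instead); the package name, file path and hash value are placeholders.

```sql
-- Added example (not from the article or Uptycs). Run in osqueryi on a Docker host.
-- The pid_with_namespace column tells osquery to read the package database or file
-- from inside the mount namespace of the given process, i.e. the container's init
-- process, rather than from the host.

-- Question 1: which running containers have this package installed, at what version?
SELECT c.name   AS container,
       c.image  AS image,
       p.name   AS package,
       p.version
FROM docker_containers AS c
JOIN deb_packages      AS p ON p.pid_with_namespace = c.pid
WHERE c.state = 'running'
  AND p.name  = 'libssl1.1'          -- placeholder package name
ORDER BY p.version;
-- Caveat: SQLite compares version strings lexically ('1.1.1k' vs '1.1.1l' works,
-- '1.9' vs '1.10' does not), so decide vulnerable-or-not in the analyst's tooling
-- rather than with < or > in the WHERE clause.

-- Question 2: where else does this file hash appear?
-- The hash table needs a path or directory constraint; it hashes that path inside
-- every running container and the join reports the containers where it matches.
SELECT c.name   AS container,
       c.image  AS image,
       h.path,
       h.sha256
FROM docker_containers AS c
JOIN hash              AS h ON h.pid_with_namespace = c.pid
WHERE c.state  = 'running'
  AND h.path   = '/usr/bin/curl'                       -- placeholder path
  AND h.sha256 = '0000000000000000000000000000000000000000000000000000000000000000';  -- placeholder hash
```

Scheduling these as `osqueryd` queries and shipping the results to a central store is what turns a per-host lookup into the fleet-wide answer Pai describes; extending the same question to a Kubernetes cluster means joining on kubequery's pod and container tables instead of `docker_containers`.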

Ford said newer vendors tend to focus solely on containers, but it is important to look at security posture in a more holistic way.

“Otherwise, painting a picture of the overall workload risk can be intimidating,” he said. “Disparate solutions generate disparate results, and while a SIEM can be used to aggregate those results, the goal should be to prioritize the work of security teams, not add more to monitor. Having one place to monitor containers, Fargate, Kubernetes, VMs, applications, and APIs from cloud providers is essential, eliminating the need for multiple tools. The goal is to provide visibility into these workloads, showing the risky activities of users, files, network and processes.”

Just as important is deploying the security tooling as quickly as the containers themselves: “Companies that move to cloud-native infrastructure to accelerate innovation won’t have to sacrifice speed for security. Threat Stack sensors, for example, are deployed at high speed and at scale using cloud native tools, ranging from popular configuration management tools to Kubernetes daemons and Helm charts,” said Ford.

The future of container security

Container security can take several directions, depending on the approach and architectures adopted, Pai said. “IT, software development and deployment models will lead the charge, and security paradigms will follow. Container runtime environments will continue to evolve from Docker, CRI-O, containerd, and they will likely be complemented by micro-VM technologies such as AWS Firecracker and Google gVisor. Additionally, other serverless technologies such as Function-as-a-Service coupled with SaaS services will likely shape container security. Regardless of the approach that prevails, there will always be telemetry for setup, behavioral/usage tracking activity, and flow logs. The telemetry will be accessible directly from the runtime (container) or the service provider (API).”


Container security capabilities will increasingly be integrated into the fabric of broader security solutions, Pai said. Ford said he believes security measures will be increasingly automated.

“The scale of cloud native infrastructure exceeds the ability of security teams to respond to incidents,” said Ford. “The best solutions will combine detection mechanisms (rules, machine learning) to identify the highest concentration of risk and trigger automated remediation through a flexible integration framework and ecosystem of partners.”
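The “rules” half of that pipeline, and the misconfigured containers the article says botnets reach within an hour, can be illustrated with one scheduled osquery query. This is an added example written for this article, not a Threat Stack or Uptycs rule: it assumes the stock `docker_containers` and `docker_container_mounts` tables and flags the two misconfigurations most often abused for container escape, a privileged container and a container with the host's Docker socket (or the host root filesystem) mounted into it.

```sql
-- Added example (not from the article, Threat Stack or Uptycs).
-- Schedule in osqueryd, e.g. every few minutes, and route non-empty results to the
-- automation that performs remediation; osquery itself only reports.
SELECT c.id,
       c.name,
       c.image,
       c.privileged,                          -- 1 when started with --privileged
       m.source      AS host_path,            -- what the container can see on the host
       m.destination AS container_path,
       CASE
         WHEN c.privileged = 1                       THEN 'privileged container'
         WHEN m.source = '/var/run/docker.sock'      THEN 'docker socket mounted'
         WHEN m.source = '/'                         THEN 'host root mounted'
       END AS finding
FROM docker_containers AS c
LEFT JOIN docker_container_mounts AS m ON m.id = c.id
WHERE c.state = 'running'
  AND (c.privileged = 1
       OR m.source = '/var/run/docker.sock'
       OR m.source = '/');
```

A privileged container, or one that can talk to the host's Docker daemon, can start a new container with the host filesystem mounted and escape, so these findings justify an automatic stop rather than a ticket; a read-only bind of `/var/run/docker.sock` is still reported here because the socket grants the same control regardless of the mount's `rw` flag.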
